Executive Summary

A struggle over cryptography policy is now taking place in the higher echelons of government, science and industry. Its outcome will have far reaching and possibly irrevocable consequences for every Americans' right to privacy. Yet the public has been kept largely in the dark. No one has asked the American people if they want Big Brother permanently hardwired into the country's communications infrastructure, and that is what will happen if the Clinton Administration has its way.

Cryptography provides an envelope, seal and signature for otherwise unprotected electronic communications, including telephone conversations, FAX messages, e-mail, fund transfers, trade secrets and health records. Without strong encryption, there will be no way to protect private communications from snooping, whether by the government, by business competitors, by terrorists, or by nosy neighbors, hackers and thieves. The ACLU therefore supports the free and unfettered development, production and use of the strongest possible encryption technology.

The Clinton Administration, however, has consistently pushed for significant curbs on our ability to use cryptography to protect electronic privacy. It claims that without access to the keys of all encrypted messages, its "ability to fight crime and prevent terrorism" will be "devastated." But in fact, in the past decade, 83 percent of all wiretaps and other forms of government surveillance have been authorized in connection with vice crimes like gambling and drug offenses. The Administration is using scare tactics to acquire vast new powers to spy on all Americans.

The government's own records show that electronic surveillance is of marginal utility in preventing or solving serious crimes. It did not, for example, stop or lead to the apprehension of the Unabomber, Timothy McVeigh, or the World Trade Center bombers. Those crimes were solved by good detective work. Serious crimes of violence, including terrorist crimes, are almost never the targets of electronic surveillance. Electronic surveillance does, however, lead to violations of the privacy rights of vast numbers of innocent Americans. According to the government's own statistics, 2.2 million conversations were intercepted in 1996, of which 1.7 million were deemed innocent by prosecutors.

Today's debate over cryptography offers the nation an opportunity to confront the issue of electronic surveillance anew. The ACLU believes that electronic surveillance is absolutely inconsistent with a free society. Free citizens must have the ability to conduct instantaneous, direct, spontaneous and private communication using whatever technology is available. Without the assurance that private communications are, indeed, private, habits based upon fear and insecurity will gradually replace habits of freedom.

Introduction

The debate about the role of electronic surveillance in our democracy is as old as the telephone. But today, the debate has taken on new urgency. Revolutionary changes in our communications infrastructure, brought about by the amazing growth of the Internet and the ever-increasing digitization of information, pose unprecedented threats to personal security and privacy. An increasing amount of sensitive information is now circulating in electronic form, including telephone conversations, FAX messages, electronic mail, fund transfers, trade secrets and health records. The same technological advances that have brought enormous benefits to humankind also make us more vulnerable than ever before to unwanted and potentially dangerous snooping -- by governments, by business competitors, by terrorists, by nosy neighbors, by hackers, and by thieves.1

How Does Cryptography Work?

Computers generally transmit data in strings of 1's and 0's that are not apparent to most users. Encryption software and hardware programs scramble these numbers using an algorithm or mathematical formula that can be re-converted only with the proper formula or the "key." Thus, only an authorized person with the secret key can convert a scrambled message back to its original state or readable form.

The strength of encryption against interception and conversion by unintended recipients generally depends on the length of the formula or "key" that is required to decrypt the data. This key is measured by its "bit length" and generally, the longer the key and its bit length -- the stronger it is. Thus, a 56 bit length key -- which is considered weak -- could take seconds for a hacker or thief to decode, whereas a 128 bit length key -- which is exponentially stronger -- could be impossible to decode in a lifetime.

Make a Difference

Your support helps the ACLU defend privacy rights and a broad range of civil liberties.

The solution to this problem is cryptography -- the science of secret writing and codes -- that has been used to protect the security of communications for thousands of years.2 Essentially, cryptography enables the encoding of information so that only the intended recipient has the ability to understand its meaning. Once in the exclusive province of governments, cryptography has now been embraced by scientists, computer users and the communications industry as the best way to protect the privacy and security of electronically transmitted information. In this context, encryption runs a readable message through a computer software program that translates it into unreadable "ciphertext." In order to decode, or decrypt, the message, one must have the "key."

Cryptography holds the potential for allowing the continued growth of the Internet, digital commerce, and democracy around the world by protecting the integrity of communications from unauthorized access and abuse. Encryption protects:

voice communications, such as cell phone conversations, by scrambling signals so that eavesdroppers cannot understand the content of the message;

ATM transactions, by protecting your password so that others may not access your financial information;

E-mail, so that your messages go only to the intended recipients and not to every other computer user.

Cryptography's increasing use and popularity in the private sector has led to a predictable response by the government: a demand for access to the keys. Citing vague threats to safety and national security, the Clinton Administration has for several years demanded that industry provide it with backdoor access to the country's information infrastructure. As a result of this tension, a struggle over cryptography policy is now taking place in the higher echelons of government, science and industry. Professor Kenneth W. Dam, who chaired the National Research Council's Committee to Study National Cryptography Policy, has warned that "a policy crisis is upon the nation" because of the lack of consensus over cryptography.3

Professor Dam's warning takes on greater urgency today. On one side of this policy impasse are the law enforcement and national security agencies -- the Justice Department, the FBI, the National Security Council, the Drug Enforcement Administration, and many state and local law enforcement organizations. On the other side are the communications industry, the country's leading cryptographers and computer scientists, and privacy and civil liberties advocates.

The main arena for this struggle is the U.S. Congress, where a plethora of bills have been, and are being, considered. For the most part, members of the general public have no inkling as to what is going on or what is at stake. No one has asked them whether or not they want Big Brother permanently hardwired into the country's communications infrastructure. And although claims have been made by various government officials that the proliferation of non-key recovery encryption will "devastate our ability to fight crime and prevent terrorism,"4 the evidence about how wiretapping has been used over the past 30 years does not support that apocalyptic assertion. No one has demonstrated convincingly that the only or even the best way to protect ourselves is by creating the apparatus for constant, universal government surveillance. In fact, the government is using scare tactics to take this opportunity to acquire vast powers to spy on all Americans.

This report examines one critical aspect of this extraordinarily complex issue: the grave threats to personal privacy posed by the current Administration position on cryptography. If the President has his way, new technology will make possible a much more intrusive and omniscient level of surveillance than has ever before been possible. In the pre-digital era, the cost of labor intensive wiretaps, conducted by human agents listening to conversations and then transcribing them, functioned to some extent as an economic deterrent to wide scale wiretapping. Digital wiretapping, on the other hand, means massive scanning of thousands of conversations by computers programmed to look for digital representations of key words, like "drugs," "bombs," "civil rights," "Republicans," or "Democrats." Obviously the potential for abuse is thereby magnified many-fold.

The debate over cryptography must be viewed as part of a larger set of issues concerning the power and authority of government to conduct surveillance in the digital age. In recent years, law enforcement agencies have engaged in surreptitious surveillance, such as wiretapping, on a far greater scale than ever before. Today the government's control of encryption, through restrictions on its strength and demands for access to decoding "keys," is the lynch pin of a new and unparalleled era of wiretapping.

Electronic surveillance is inconsistent with a free society

The cryptography debate offers the nation an opportunity to confront the issue of electronic surveillance anew. If we do not do so in a fully informed and careful way, there will be no limit to the sweep of new technological opportunities for total surveillance potential. Without the right to strong, non-key recovery encryption, the black strips on the backs of our credit, cash and identity cards, the electronic keys being distributed by gasoline companies to enable the purchase of gas with the wave of a wand, the E-Z passes for paying tolls electronically, and the imminent arrival of compact digital cell phones that also function as computers, e-mailers and pagers, will all be vulnerable to both governmental and nongovernmental spying, both authorized and unauthorized.

The American Civil Liberties Union has historically opposed all forms of electronic surveillance by the government, and therefore supports the free and unfettered development, production and distribution of the strongest possible encryption technology. Electronic surveillance, whether through bugging devices, wiretaps, or ready access to encryption keys, is fundamentally at odds with personal privacy. It is the worst sort of general search, which necessarily captures not only the communications of its specific targets, but those of countless others who happen to come in contact with the targets or use the same lines. Free citizens must have the ability to conduct direct, instantaneous, spontaneous and private communication using whatever technology is available. Without the knowledge and assurance that private communications are, indeed, private, habits based upon fear and insecurity will gradually replace habits of freedom.

The right to privacy has already been severely compromised in this country. Telephones have been tapped by police at least since 1895, and in the past century there has been a constant tug of war between the government's impulse to eavesdrop and the public's desire to resist further encroachments. Although its powers have been limited by both statute and court decision, for all practical purposes the government has prevailed in this struggle. According to statistics compiled by the Administrative Office of the U.S. Courts, surreptitious government surveillance is now at record levels.5 From 1985 to 1995, more than 12 million conversations were intercepted through law enforcement wiretaps, and all but a relative handful were completely innocent (in 1995 alone, nearly two million innocent conversations were intercepted). Although government agents must obtain a warrant, their requests for wiretaps are almost never turned down by judges or magistrates. In fact, only one request by law enforcement for an intercept has been rejected in the last eight years.

As will be explained below, all of this wiretapping has produced little in the way of results for law enforcement and yet the expansive surveillance capabilities being sought today through the control of encryption and digital telephony will give the government unprecedented access to all communications -- with or without a warrant.

Timeline

April 1993The Clinton Administration unveils the "Clipper Chip," an encryption chip developed by the National Security Agency, and proposes legislation mandating its incorporation into all encryption products, giving the government access to all encrypted messages.

January 1994Leading cryptography, security and networking experts issue a letter opposing Clipper Chip. The letter is followed by an Electronic Petition signed by over 50,000 people.

February 1994The White House announces the adoption of the Clipper Chip. Attorney General announces that two U.S. Government entities will hold the escrowed key components. The Department of State issues its International Traffic in Arms Regulations (ITAR), designating cryptographic systems and software as "munitions" requiring a license before they can be imported or exported.

October 1994President Clinton signs into law the Communications Assistance for Law Enforcement Act (CALEA), also called the National Wiretap Plan, or digital telephony, requiring telecommunications carriers to ensure that all of their equipment is wiretap-friendly. The industry goes along with the legislation only after the Administration pledges to seek $500 million from Congress to fund the program.

October 1995The FBI files notice in the Federal Registry seeking the authority under CALEA to simultaneously monitor one out of every 100 telephone lines in "high crime areas" of the country, representing a 1,000-fold increase over previous levels of surveillance.

May 1996The Committee to Study National Cryptography Policy of the National Research Council issues its report, "Cryptography's Role in Securing the Information Society," which, among other things, warns that since "key recovery agents involve people...human vulnerabilities and weaknesses may lead to compromises of the system" which in turn could lead to "catastrophic losses for businesses." The Report also states that the encryption policy debate should not be held behind closed doors and that lawmakers do not need classified information to resolve the issue.

September 1996Resolution in Support of the Freedom to Use Encryption endorsed by 15 international organizations urging the Organization for Economic Cooperation and Development (OECD) to "base its cryptography policies on the fundamental right of citizens to engage in private communication."

October 1996Vice President Gore announces the Administration's intention to liberalize export controls for commercial encryption products for up to two years, but only if industry commits to build and market products that support key recovery.

Cryptographer Daniel Bernstein files suit against the State Department asking that the export control laws be struck down on First Amendment grounds.

December 1996A federal district judge issues the first ruling in favor of Bernstein holding that ITAR -- the government's encryption export regulations -- are unconstitutional and violate the First Amendment.

104th Congress ends without passage of any bills.

March 1997The Organization of Economic Cooperation and Development (OECD), an international body of 30 countries, issues guidelines rejecting key escrow encryption and endorsing strong privacy safeguards.

May 1997A self-constituted group of eleven prominent cryptographers and computer scientists issue their final report, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption," in which they conclude that the deployment of key-recovery-based encryption infrastructures to meet law enforcement's stated specifications will result in substantial sacrifices in security and greatly increased costs.

August 1997Federal judge rules in Bernstein case that the export licensing requirements for encryption technology are unconstitutional. The government appeals.

September 1997The FBI holds closed door meetings with the House and Senate National Security Committees to discuss law enforcement's opposition to the Security and Freedom Through Encryption Act (SAFE). As a result of the secret briefing, the key provisions of the bill are gutted and for the first time, the FBI admits that it is seeking control over domestic use of encryption.

November 1997ACLU and other civil liberties groups petition the Federal Communications Commission to reconsider and put an end to the FBI's plans for expanded wiretapping capabilities under CALEA.

February 1998The Global Internet Liberty Campaign (GILC) releases International Crypto Survey finding that most countries do not restrict the use of encryption.The ACLU, Electronic Privacy Information Center (EPIC), Electronic Frontier Foundation (EFF) and Computer Professionals for Social Responsibility send a letter to Congress and comments to the Federal Communications Commission urging that the digital telephony plan CALEA -- receive no funding and be re-evaluated in light of the FBI's bad faith in the plan's implementation. Privacy groups announce that the FBI has ignored Congressional limitations on its surveillance capabilities under the plan and has proposed far broader intercept authority than permitted by the Act.

The Clinton Administration's anti-privacy position

The Clinton Administration has consistently ignored the privacy rights of all Americans against unauthorized interception or surveillance. Its public statements, regulations, legislative proposals and litigation positions all support significant curbs on the private sector's ability to use cryptography to protect electronic privacy.

Despite nearly universal condemnation by the civil liberties community and much of the scientific community,6 this position on cryptography has remained essentially unchanged since 1993, when the adoption of the "Clipper Chip" plan was announced. The Clipper Chip proposal would have required every encryption user (that is, every individual or business using a digital telephone system, fax machine, the Internet, etc.) to hand over their decryption keys to the government, giving it access to both stored data and real-time communications. This is the equivalent of the government requiring all homebuilders to embed microphones in the walls of homes and apartments. Negative reaction to this proposal was fierce. A Time/CNN poll conducted soon after Clipper Chip was proposed found that 80 percent of the public opposed it. The Administration quickly withdrew the proposal and said the Clipper Chip would be a voluntary government standard.

Shortly thereafter, the Administration put forth "Clipper II," a scheme whereby anyone using encryption would have to leave the key with a government-approved "escrow agent," giving the government access to communications without the knowledge or consent of the sender. That too met with tremendous public opposition which, in turn, led to the "Clipper III," a program for key escrow that did not differ significantly from the earlier proposals.

According to encryption experts, the Administration's key escrow, trusted third-party and key recovery schemes all fatally compromise encryption's basic purpose in that they enable third parties to gain covert access to the plain-text of encrypted communications, and they require the existence of secret keys that cannot be sufficiently safeguarded from government and private abuse.7

In addition to Clipper Chip versions I through III, the Administration has also pushed for sweeping expansions of FBI wiretapping authority in numerous bills, including the anti-terrorism legislation passed in 1996. The Communications Assistance for Law Enforcement Act (CALEA)8, passed in 1994, is perhaps the best example of the Clinton Administration's disregard for telephone privacy rights. Passed over the vociferous objections of the ACLU and other privacy organizations, this massive FBI wiretapping scheme requires telecommunications carriers and manufacturers to build wiretap capabilities into the nation's communications systems. Unless Congress votes for a delay, CALEA is to be implemented by October 1998. Among the FBI's many demands is one that would require every cell phone to provide information about the location of users to police, in effect turning the telephone into a homing device.

All of this legislative activity has taken place against a backdrop of increased use of existing surveillance powers. In fact, the Clinton Administration set a record for most crime-related wiretaps in a year and for the most wiretaps placed for intelligence purposes.

The Administration has tried to minimize the civil liberties problems inherent in its various key recovery proposals, but its attempts to square the far reaching powers it is seeking with the requirements of the Fourth Amendment are ahistorical and fundamentally flawed.

On June 26, 1997 the House International Relations Committee held a closed briefing session on the subject of encryption.9 Present at the briefing was FBI Director Louis Freeh, who laid out the Administration's position in response to SAFE Act sponsor Rep. Robert Goodlatte's concerns that key escrow requirements violated the Fourth Amendment:

"We are asking to maintain the balance of the Fourth Amendment. For 200 years the framers and every Congress thereafter has balanced protection of privacy with the legitimate need for police under strict probable cause limits with court orders to do search and seizure. The bills that are being proposed [SAFE Act] will dramatically shift that balance for the first time in 200 years. What it means is that with probable cause, the judge signs the order for me to access the conversations, but I cannot understand it...because no one has...required that there be some key safely placed somewhere, only attainable with a court order. That dramatically changes the balance of the fourth amendment to the detriment of public safety."

Freeh is wrong on several counts.

What the framers had in mind when they adopted the Fourth Amendment

The Fourth Amendment10 was adopted in direct response to the English Parliament's practice of giving colonial revenue officers complete discretion to search for smuggled goods by means of writs of assistance. The writs permitted colonial authorities, including British troops, to enter homes and offices at will and search any person or place they wanted. The early Americans rebelled against these general searches, and on the eve of the Declaration of Independence, Samuel Adams said he regarded the opposition to general searches as "the Commencement of the Controversy between Great Britain and America." It is fair to say that absolute protection from general government searches is one of this country's founding principles.

When the framers struck the original balance between personal privacy and the needs of law enforcement, remote listening devices had not yet been invented. But it is clear that had they existed, the framers would not have approved of them. By definition, electronic surveillance constitutes a general search, not a search limited to specific